Benefit Profiles Data Breach Settlement—Deadline January 20, 2026 20,530 Americans Just Got Up to $2,500 from Benefit Profiles

ByAll About Lawyer Reading Time: 13 minutes

Benefit Profiles agreed to settle a class action lawsuit over an April 2024 data breach that exposed personal information including names and Social Security numbers to unauthorized parties. Approximately 20,530 affected individuals can claim up to $2,500 for documented losses or receive a $50 cash payment by filing before the January 20, 2026 deadline.

An unauthorized third party accessed employee email accounts between April 3 and April 11, 2024, compromising client and employee data stored in Benefit Profiles’ systems. The court granted preliminary approval on September 3, 2025, with final approval scheduled for January 16, 2026.

This Affects You If You Were a Benefit Profiles Client

This affects you if you were a Benefit Profiles client or employee and received a data breach notice about the April 2024 incident. Understanding this Benefit Profiles settlement matters because your Social Security number and sensitive benefits information may have been exposed to cybercriminals, putting you at risk for identity theft, fraudulent tax returns, and unauthorized credit accounts that could haunt you for years. The settlement provides immediate cash compensation and free credit monitoring, but only if you file your claim before January 20, 2026.

What Happened in the Benefit Profiles Data Breach

Timeline of the April 2024 Incident

Between April 3 and April 11, 2024, an unauthorized third party gained access to an employee’s email account at Benefit Profiles. The investigation revealed that cybercriminals exploited this access to reach files containing private client and employee information.

The breach lasted approximately eight days before Benefit Profiles detected and stopped the unauthorized access. The company conducted a security review to determine what information was potentially compromised and who was affected.

Benefit Profiles mailed breach notification letters to affected individuals after completing the investigation. The notifications informed recipients that their personal information may have been accessed by unauthorized parties.

What Information Was Compromised

The April 2024 data breach potentially exposed highly sensitive personal information including names, Social Security numbers, health insurance information, employee benefits enrollment data, dates of birth, addresses, contact information, financial account information related to benefits administration, and driver’s license or state identification numbers.

Approximately 20,530 people had their information potentially compromised in this incident. The class includes all United States residents whose personal information was potentially compromised in the April 2024 Benefit Profiles data breach, including everyone who received notice about the incident.

Benefit Profiles settlement pays up to $2,500 for April 2024 data breach victims. 20,530 class members can claim cash by January 20, 2026. SSNs exposed (2026).

How the Breach Occurred

According to the class action lawsuit, cybercriminals accessed an employee’s email account. This type of email compromise attack allowed unauthorized parties to infiltrate systems by exploiting legitimate login credentials.

Once inside the email system, the attackers accessed files that contained client and employee personal information. The breach exposed the vulnerabilities in email security and access controls at Benefit Profiles.

What the Lawsuit Alleged and How It Was Resolved

The Plaintiffs’ Claims Against Benefit Profiles

The class action lawsuit alleged that Benefit Profiles failed to implement adequate data security measures to protect the personal information in its possession. Plaintiffs claimed the company was negligent in several critical ways.

The lawsuit argued that Benefit Profiles failed to properly safeguard sensitive information against unauthorized access, didn’t maintain reasonable cybersecurity infrastructure to detect and prevent email account compromises, and was unable to identify malicious activity quickly enough. The complaint also alleged that clients suffered harm including increased identity theft risk, time and money spent addressing breach consequences, and emotional distress from having their most sensitive data exposed.

Legal theories included negligence, breach of implied contract, violation of state data breach notification laws, and unjust enrichment.

Settlement Without Admission of Wrongdoing

Benefit Profiles denied all allegations and maintains it committed no wrongdoing. However, the company agreed to the settlement to avoid the expense and uncertainty of continued litigation and to provide benefits to affected individuals.

Hamilton County Common Pleas Court granted preliminary approval for the settlement on September 3, 2025. The final approval hearing is scheduled for January 16, 2026, where the judge will determine whether the settlement is fair, reasonable, and adequate for the class.

What the Benefit Profiles Settlement Provides

Cash Payment Options

Settlement class members who submit a timely, valid claim form have multiple options for reimbursement for data breach-related losses that occurred between April 3, 2024, and January 20, 2026.

Documented Ordinary Expenses (up to $500): Consumers seeking reimbursement for ordinary expenses incurred due to the data breach can receive a cash payment of up to $500. Reimbursable ordinary expenses include costs resulting from fraud or identity theft such as accountants’ fees, expenses associated with freezing or unfreezing credit, credit monitoring services purchased, fraudulent charges not reimbursed by your bank, and identity theft resolution services.

Claim forms for documented ordinary expenses must be accompanied by documentation showing proof of the expenses, such as receipts for services prepared by third parties, bank statements, credit card statements, invoices, or bills.

Documented Extraordinary Expenses (up to $2,500): Class members who submit a claim form for documented extraordinary expenses arising from the data breach can receive a cash payment of up to $2,500. Extraordinary losses include identity theft or fraud that the data breach most likely caused. These losses must not already be covered by ordinary losses, and claimants must show they tried to prevent the loss or recover their money, for example by using insurance.

Alternative $50 Cash Payment: An alternative cash payout of $50 is available for class members who do not submit a claim for reimbursement of ordinary or extraordinary losses stemming from the Benefit Profiles data breach. No documentation is required for this option. This amount may be increased or decreased on a pro rata basis depending on the total number of valid claims filed.

Pro Tip: Even if you haven’t experienced fraud or spent money on credit monitoring, file a claim for the $50 alternative cash payment. That’s money you’re entitled to as a class member, and filing takes just a few minutes online. Don’t leave free money on the table.

Free Credit Monitoring Services

All class members are eligible to enroll in two years of three-bureau credit monitoring services, which include $1 million in identity theft protection insurance. This benefit is available regardless of whether you file for cash compensation.

The credit monitoring services include monitoring of your credit files at Equifax, Experian, and TransUnion, dark web monitoring for your personal information, identity theft insurance coverage up to $1 million, and fully managed identity recovery services if you become a victim of identity theft.

Who Is Eligible and How to File a Claim

Class Definition

The settlement class includes all individuals residing in the United States whose personal information was potentially compromised in the April 2024 Benefit Profiles data security incident. This specifically includes anyone who received a written notice from Benefit Profiles stating the incident compromised their personal information.

Excluded from the class are persons who timely and validly request exclusion, the judge and court staff assigned to the case, Benefit Profiles’ officers and directors, and anyone found guilty of initiating or aiding the criminal activity that caused the breach.

How to File Your Claim

To file a claim, visit the official settlement website at BenefitProfilesDataSettlement.com. You can submit your claim online by entering the unique ID and PIN found on your settlement notice, or download a PDF of the claim form to print, fill out, and mail to the settlement administrator.

If claiming reimbursement for ordinary or extraordinary expenses, you must provide documentation to prove your losses. Acceptable documentation includes receipts, bank statements showing fraudulent charges, credit card statements, invoices, bills, or other proof that expenses were incurred as a result of the breach.

For the alternative $50 cash payment, no documentation is required—simply complete the basic claim form information.

Critical Deadline

Benefit Profiles settlement claim forms must be submitted online or by mail by January 20, 2026. This is a hard deadline. Claims submitted after this date will not be accepted, and you’ll forfeit your right to compensation.

The objection deadline for those who disagree with settlement terms and the opt-out deadline for those wanting to pursue individual lawsuits have not been publicly announced but typically fall before the claim deadline.

The final approval hearing is scheduled for January 16, 2026, at 2:00 p.m.

What Happens Next

After you file your claim, the settlement administrator will review it for completeness and eligibility. The settlement administrator will distribute payments after the court grants final approval to the settlement and resolves any appeals.

Typically, this means payments arrive 6-12 months after the claim deadline, likely sometime in the second half of 2026 if final approval is granted as scheduled.

What You Must Know About This Data Breach

Could This Breach Have Been Prevented?

Data breaches in benefits administration and HR services commonly result from phishing attacks on employees, unpatched software vulnerabilities, weak passwords or inadequate access controls, third-party vendor security failures, ransomware attacks, and inadequate encryption of stored data.

The Benefit Profiles breach appears to have resulted from an email account compromise—a security failure that could have been prevented with multi-factor authentication, employee security awareness training, email security filters, and better access controls limiting what files can be accessed through email systems.

Industry standards for protecting client benefits data include encrypting all sensitive information both in transit and at rest, implementing least-privilege access policies so employees can only access data they need for their job functions, monitoring for unusual account activity, and requiring multi-factor authentication for all system access.

Your Ongoing Risk from the Breach

Even with this settlement, your data may still be at risk. Once Social Security numbers appear on the dark web following a breach, criminals can exploit that data indefinitely for identity theft, filing fraudulent tax returns, opening credit accounts, or committing medical fraud.

Settlement compensation doesn’t undo the privacy violation or eliminate future identity theft risk. You must actively protect yourself by monitoring credit reports and financial accounts for suspicious activity, setting up fraud alerts or credit freezes with the three major credit bureaus, watching for phishing attempts or suspicious emails claiming to be from Benefit Profiles or the settlement administrator, and understanding that identity theft types can occur months or years after the initial breach.

How This Settlement Compares to Other Data Breach Cases

The Benefit Profiles settlement amount has not been publicly disclosed in available court documents, but the compensation structure is consistent with typical data breach settlements in the benefits administration and HR services sector.

Most data breach settlements provide $20 to $100 per person for basic claims without documented losses. The $50 alternative payment in the Benefit Profiles settlement falls within this range. The availability of up to $500 for ordinary losses and $2,500 for extraordinary losses is more generous than many comparable settlements.

For context, recent comparable settlements include the Landmark Admin $6 million settlement for a May-June 2024 breach affecting 1.6 million consumers (offering $30 cash payment or up to $2,500 for losses), and the Sequoia Benefits settlement offering similar payment structures.

Factors affecting settlement size include the number of affected individuals, types of data exposed (Social Security numbers and health insurance information lead to higher settlements), evidence of actual identity theft or fraud resulting from the breach, the defendant’s financial condition and ability to pay, and the strength of security failures alleged in the lawsuit.

Your Rights and Options Under the Settlement

Accepting the Settlement

If you file a claim by the January 20, 2026 deadline, you’ll receive your chosen form of payment and remain a class member. However, you’ll release all claims against Benefit Profiles related to this breach and cannot sue the company individually. This is the simplest option for most people and ensures you receive compensation.

Objecting to the Settlement

You can object if you think the settlement is unfair. You must file a written objection with the court by the specified deadline and can attend the January 16, 2026 final approval hearing to voice your concerns. Even if you object, you’re still bound by the settlement if the court approves it—unless you also opt out.

Opting Out

Opting out excludes you from the settlement class entirely. You must send a written opt-out request by the deadline specified in your notice. If you opt out, you preserve your right to sue Benefit Profiles individually but receive nothing from this settlement. This only makes sense if you have significant individual damages worth pursuing separately, such as actual identity theft that resulted in major unrecovered financial losses.

Doing Nothing

If you take no action, you get nothing but are still bound by the settlement and release your claims. This is the worst option—you give up your legal rights to sue Benefit Profiles over this breach without receiving any compensation.

What to Do Next If You’re Affected

Immediate Steps for Affected Individuals

Locate your breach notification letter from Benefit Profiles. This proves you’re a class member and may contain your unique ID and PIN for filing online. Visit BenefitProfilesDataSettlement.com for official information and the claim form.

Gather documentation of any out-of-pocket losses including receipts for credit monitoring services you purchased, bank statements showing fraudulent charges, credit card statements with unauthorized transactions, invoices from identity theft resolution services, and time logs documenting hours spent addressing the breach.

File your claim before the January 20, 2026 deadline even if you have no documented losses—you’re still entitled to the $50 cash payment. Consider whether to accept the settlement, object, or opt out based on your specific situation. Enroll in the free two-year credit monitoring offered through the settlement.

Protecting Yourself After This Data Breach

Take immediate protective steps. Place fraud alerts on your credit reports with Equifax, Experian, and TransUnion by calling any one of the three bureaus. Consider a credit freeze to prevent new accounts from being opened in your name without your explicit permission.

Monitor bank and credit card statements for unauthorized transactions. Check your credit reports for suspicious activity—you’re entitled to free weekly credit reports from all three bureaus through 2026 at AnnualCreditReport.com.

Change passwords for financial accounts, especially if you used the same password for any Benefit Profiles systems or employee portals. Set up account alerts for unusual activity on your bank accounts and credit cards.

Long-term protection requires continued vigilance. Keep monitoring your credit for at least 2-3 years after the breach. Be extremely wary of phishing emails or calls claiming to be from Benefit Profiles or the settlement administrator—the only legitimate contact will come from the settlement administrator listed on the official settlement website.

Settlement payments for identity theft losses are generally not taxable, but payments for time and inconvenience may be taxable income. Consult a tax professional if you receive a significant settlement payment, particularly if you claim the maximum $2,500 for extraordinary losses.

Where to Find Reliable Information

The official settlement website at BenefitProfilesDataSettlement.com provides claim forms, frequently asked questions, important dates and deadlines, court documents including the settlement agreement and preliminary approval order, and contact information for the settlement administrator.

Settlement administrator contact information: Benefit Profiles Inc. Data Security Incident Settlement, c/o Settlement Administrator, P.O. Box 25226, Santa Ana, CA 92799-9958. Phone: 833-417-4909. Email: [email protected].

For additional resources, check the case docket Barrington v. Benefit Profiles, Inc. for case details if publicly available, plaintiffs’ attorneys’ websites for settlement information, your state attorney general’s consumer protection division, Federal Trade Commission identity theft resources at IdentityTheft.gov, and the Consumer Financial Protection Bureau.

If you need legal help, contact consumer protection attorneys if you’re considering opting out to pursue individual claims, legal aid organizations if you’re low-income and need assistance, or your state bar association’s lawyer referral service.

Frequently Asked Questions

How much money will I get from the Benefit Profiles settlement?

You can receive up to $500 for documented ordinary expenses related to the breach, up to $2,500 for documented extraordinary losses like identity theft, or a $50 cash payment if you don’t have documented losses. The $50 amount may increase or decrease depending on how many people file claims.

When is the deadline to file a Benefit Profiles settlement claim?

The claim filing deadline is January 20, 2026. Claims submitted after this date will not be accepted, and you’ll forfeit your right to compensation from the settlement.

What information was stolen in the Benefit Profiles data breach?

The breach potentially exposed names, Social Security numbers, health insurance information, employee benefits data, dates of birth, addresses, financial account information, and driver’s license or state identification numbers of approximately 20,530 individuals.

Am I eligible for the Benefit Profiles settlement?

You’re eligible if you’re a United States resident whose personal information was potentially compromised in the April 2024 Benefit Profiles data breach and you received a written notice about the incident from Benefit Profiles.

How do I file a claim for the Benefit Profiles settlement?

Visit BenefitProfilesDataSettlement.com and either file online using your unique ID and PIN from your notice, or download a PDF claim form to print, complete, and mail to the settlement administrator by January 20, 2026.

Should I accept the Benefit Profiles settlement or opt out?

Most people should accept the settlement and file a claim. Only opt out if you suffered significant individual damages that exceed what the settlement offers and you’re willing to pursue your own lawsuit against Benefit Profiles at your own expense.

When will I receive my Benefit Profiles settlement payment?

Payments will be distributed after the January 16, 2026 final approval hearing and after any appeals are resolved, typically 6-12 months after the claim deadline—likely in the second half of 2026.

Last Updated: January 14, 2026 — We keep this current with the latest legal developments.

Disclaimer: This article provides information about the Benefit Profiles data breach settlement based on the settlement agreement, court documents, and the official settlement administrator website at BenefitProfilesDataSettlement.com. It is not legal advice, and AllAboutLawyer.com does not provide legal services. If you have specific legal questions about the Benefit Profiles settlement or your rights as a class member, consult a qualified attorney. Information is based on publicly available documents and may change as the case proceeds through final approval.

Take Action Now: Don’t let the January 20, 2026 deadline pass. Visit the official settlement website today to file your claim and secure your share of the settlement. Even if you haven’t experienced fraud, you’re entitled to at least $50 just for being affected by this breach.

Stay informed, stay protected. — AllAboutLawyer.com

About the Author

Sarah Klein, JD

Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah

Leave a Reply

Your email address will not be published. Required fields are marked *